Potentially dangerous XSS hole in simpaty.php
Find this:
Code:
<form action=\"" . $_SERVER["PHP_SELF"] . "?action=add&" . ($resp_type == 1?'good':'bad') . "&type=$type&targetid=$targetid\" method=\"post\">
And replace with this:
Code:
<form action=\"" . $_SERVER["PHP_SELF"] . "?action=add&" . ($resp_type == 1?'good':'bad') . "&type=".htmlspecialchars($type)."&targetid=$targetid\" method=\"post\">
Then in simpaty.php find this:
Code:
$type = $_GET['type'];
And replace with:
Code:
$type = htmlentities($_GET['type']);
index.php - (Blind SQL Injection in index.php)
Find this:
Code:
$choice = $_POST["choice"];
Replace with:
Code:
$choice = (int) $_POST["choice"];
This list will still be updated!
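An added example (not from the original post or the tracker's own code) of the same two fixes with each value encoded once for its output context, plus a strict integer check for `choice`. The helper names `h`, `simpaty_form_action` and `post_int`, the script path and the sample values are hypothetical.

```php
<?php
// Added example: helper names and sample values are hypothetical.

// Escape a string for an HTML attribute or text context at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the form action used in simpaty.php. Query values are URL-encoded
// first, then the whole URL is HTML-escaped exactly once for the attribute,
// which also covers the script path and targetid.
function simpaty_form_action(string $script, int $respType, string $type, $targetId): string
{
    $url = $script
        . '?action=add&' . ($respType == 1 ? 'good' : 'bad')
        . '&type=' . rawurlencode($type)
        . '&targetid=' . (int) $targetId;
    return h($url);
}

// Strict integer read for values such as $_POST["choice"]. Returns null for
// anything that is not a clean integer, where an (int) cast would silently
// truncate a string like "1 OR 1=1" to 1.
function post_int(array $post, string $key): ?int
{
    $v = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT);
    return $v === false ? null : $v;
}

// Constructed sample input containing markup characters.
$type = 'torrent"><b>';
echo '<form action="'
    . simpaty_form_action('/simpaty.php', 1, $type, '42abc')
    . '" method="post">', "\n";

// Constructed POST arrays: one valid choice, one that must be rejected.
var_dump(post_int(['choice' => '3'], 'choice'));
var_dump(post_int(['choice' => '1 OR 1=1'], 'choice'));
```

Escaping only where the value is written out avoids the double encoding that results when `$type` is passed through `htmlentities()` on input and `htmlspecialchars()` again in the form.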